Could Your Router be Infected with Malware?
Certain threats out there are dangerous enough to cause major entities to warn against them. In particular, a recent malware by the name of VPNFilter has been deemed dangerous and prevalent enough that the FBI has addressed it. Since the malware targets routers (probably not your first guess in terms of possible vulnerabilities), it has considerable potential to become a nuisance for your organization.
VPNFilter is a malware that hides in your router and remains even if you restart the device. VPNFilter is known for prioritizing devices in Ukraine, but you should never count on the trend to protect you from known threats. It’s thought that the VPNFilter malware has its roots in a group called Sofacy, and the malware operates in three basic steps.
The first step for this malware is that it installs itself on the device and remains there even in the event that the router is rebooted or turned off. Second, the malware will install certain permissions on the router that allows it to change settings, manage files, and execute commands. The router can then proceed to brick itself, making it much more difficult for your organization to keep operations moving along. In its final stages, this malware lets a hacker see the data packets that are being sent to and from your organization’s device, meaning that they can then also issue commands and communicate with the device via a Tor web browser.
This threat was specifically mentioned by the FBI because of its persistence. While resetting the device will disable the second and third steps, the first will remain, creating an endless cycle if you don’t do anything about it.
Is Your Router Affected?
Even though not all routers are affected, the number is still quite considerable. Here is a list of affected brands:
If you would like a more comprehensive list of all affected devices, Symantec has a list on their website: https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
How You Fix It
There is an easy fix to VPNFilter, and it’s to perform a factory reset on your router. This eliminates anything that’s currently installed from the first stage of VPNFilter’s attack. Of course, it’s also worth mentioning that the manufacturer of the router may have also administered a patch or security update resolving the vulnerability, so be sure to check for that as well so that it will never be an issue again.
For more great updates and tech tips, be sure to subscribe to White Mountain IT Services’s blog.
- Signs That Your Business Needs to Upgrade Your Crucial IT Chances are if you are in business today, there are a lot of devices on your network that you haven’t touched in years, might not be using, or don’t even need. Unfortunately, there are times when the technology you have doesn’t really do much other than take up space. If you feel like you are spendi...
- Identifying Personality Types will Help Your Networking Effo... One experience that almost everyone has been involved in is the clashing of personalities. This is only natural, as different people are born with different predispositions and are raised in differing environments. However, in the business world, one should do their best to keep personal differences...
- Advanced Malware is Targeted, Stealthy, Evasive, and Adaptiv... The online world is a scary place. Viruses, malware, spyware, adware, and more are all out there trying to get at your network. These threats are almost always prevalent, but compared to each other, some are vastly superior and far more dangerous and advanced than the others. Advanced malware has th...
- Alert: New Malware Infects Millions of Mobile Devices While security experts tend to focus the brunt of their discussions on desktop OS vulnerabilities, there are plenty of mobile malware threats that fly under the radar. One such malware is called Hummer; a trojan that installs unwanted apps and malware on a device, and can be found on over a million ...
- Alert: Petya Ransomware May Be the Worst Yet Ransomware is such a popular method of attack used by hackers that new variants of it pop up every few months. Among these is Petya, a nasty new ransomware that masquerades as an unsolicited resume in an organization’s email inbox. Don’t be fooled, though; the only work these hackers are looking for...
- Alert: Hackers Posing as IT Support and Hijacking Computers One minute you’re browsing trusted sites on the Internet, the next, your PC freezes up and displays the dreaded blue screen of death, along with a fake tech support message. This strain of malware is duping plenty of computer users into calling the provided phone number, which only makes the situati...